rocknbil - 10:33 pm on Jan 11, 2010 (gmt 0)

One second .... is there any other data with this query string?

Reason I ask is if you have a query like this

select * from table where field like "%$term"

A quote can do some serious damage.

$term = 'blah%22%20or%201=1%22';

Add those two together,

select * from table where field like "%blah" or 1=1"

And you have a basic mysql injection that displays all records from a given table.